Performance Tuning for the VM-Series on AWS

Optimize the performance of the VM-Series firewall on AWS
Make sure that you do the following:
  • Pick the correct AWS Instance Types for your deployment. For example, you cannot deploy the c4.xlarge EC2 instance type because the VM-Series firewall requires 9G memory with 2 or 4 vCPUs, and the instance type only supports 4 vCPUs and 7.5G memory.
    The C5 and M5 instance types that have the Elastic Network Adapter support SR-IOV mode only on PAN-OS 9.0.3 and earlier versions. DPDK support is available starting with PAN-OS 9.0.3.xfr.
  • Select the VM-Series model and VM-Series firewall license that best suits your deployment needs. For help with sizing, refer to this article.
  • Enable DPDK using the CLI command
    set system setting dpdk-pkt-io on
    or bootstrap the firewall to use DPDK at launch, except if deploying the firewalls in an HA configuration. See init-cfg.txt File Components.
    For SR-IOV and DPDK driver support by PAN-OS version, see SR-IOV and DPDK Drivers on VM-Series Firewalls.

Recommended For You